Login Main site Create account

25.01.2008 09:54

Cisco VPN Client Patch update for 2.6.24 final


As 2.6.24 was released today I had a look at the code and recognized that the "init_net" symbol is now again exported using EXPORT_SYMBOL() instead of EXPORT_SYMBOL_GPL() so the Cisco VPN client can make use of it again.

Below is the updated patch to reflect this change.
Installation instructions:
1. Untar the VPN Client
# tar xzf vpnclient-linux-4.8.01.0640-k9.tar.gz

2. Download the patch
# wget -q http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff

3. Change to the vpnclient diretory
# cd vpnclient

4. Apply the patch
# patch <../vpnclient-linux-2.6.24-final.diff
patching file GenDefs.h
patching file interceptor.c


Now the patch has been applied and you can safely install the client
#./vpn_install

Downloads:

Links:

Please consider donating if this patch was helpful to you, thanks!
Comments added earlier to http://tuxx-home.at/archives/2008/01/25/T09_54_46/index.html:
Guest on 2008-02-10 12:29:27 wrote:
Hello,
unfortunately I still get an error with your patch, in interceptor.c:
line 794 : invalid operands to binary -
Anonymous thanks for all the previous patches which I have used in the past!
Alexander Griesser on 2008-02-10 18:59:27 wrote:
You will have to apply the cisco_skbuff_offset patch afterwards. Applying both patches works fine. The patch can be downloaded at http://projects.tuxx-home.at/ciscovpn/patches.
Guest on 2008-03-08 09:49:00 wrote:
My attempts keep erroring out:

# ./vpn_install
Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.


Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.


Directory containing linux kernel source code [/lib/modules/2.6.24.3-12.fc8/build]

* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.24.3-12.fc8/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/lib/modules/2.6.24.3-12.fc8/build" will be used to build the module.

Is the above correct [y]

Making module
make -C /lib/modules/2.6.24.3-12.fc8/build SUBDIRS=/shared/vpnclient modules
/usr/src/kernels/2.6.24.3-12.fc8-i686/scripts/gcc-version.sh: line 22: gcc: command not found
/usr/src/kernels/2.6.24.3-12.fc8-i686/scripts/gcc-version.sh: line 23: gcc: command not found
make[1]: gcc: Command not found
make[1]: Entering directory `/usr/src/kernels/2.6.24.3-12.fc8-i686'
CC [M] /shared/vpnclient/linuxcniapi.o
/bin/sh: gcc: command not found
make[2]: *** [/shared/vpnclient/linuxcniapi.o] Error 127
make[1]: *** [_module_/shared/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/kernels/2.6.24.3-12.fc8-i686'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".
Alexander Griesser on 2008-03-08 18:49:07 wrote:
You don't have a C compiler installed on your system. Please install "gcc". If you're using a Debian-like system the package should be called "build-essentials".
Guest on 2008-03-10 23:16:18 wrote:
This guy is stealing your content and making money on the advertising:
http://aggregator.foolab.org/node/26196
Alexander Griesser on 2008-03-11 11:13:00 wrote:
Thanks for pointing this out, but I know this already. Infact, he doesn't only "steal" my content but content of other people too, if you want to call this stealing.

The positive effect of him doing this is that the pagerank in Google for my sites crawl up, the negative effect is that he earns money for doing this.

I think I'll contact Google Ads and tell them about it, would be the best way to stop him doing this.
Guest on 2008-03-16 10:17:41 wrote:
THANKS !!! Great work ;-) I tried hacking it myself first, but on such a ugly way (remove the whole for_each_netdev check ;p) that i got seg faults during insmod.

I'm on Fedora 8 and with this patch you can get it compiled & loaded in the kernel.

Only thing i do notice is that size of the module is pretty large, maybe stripping it will fix that?
Alexander Griesser on 2008-03-16 15:04:09 wrote:
Removing the for_each_netdev() part works as long as you manually set the variable containing the number of available network interfaces to at least "1" (don't recall the name of the variable without having a look at the code).

Thanks for confirming that it worked for you!

What do you mean with "pretty large"? What size are we talking about?
Guest on 2008-03-16 21:26:07 wrote:
lsmod reports:

Module Size
cisco_ipsec 599132

That's almost 3 times as big and the 2nd largest loaded module 'ipv6', with a size of 228357.
Alexander Griesser on 2008-03-17 07:53:53 wrote:
I think comparing third-party kernel modules with inline kernel modules is a bit unfair, as inline kernel modules usually share code amongst each others resp. part of inline kernel modules like ipv6 are available in other kernel modules or are already compiled into the kernel.

On my system f.ex., cisco_ipsec is a bit smaller than yours but not that much (maybe due to the fact that I'm using the 32bit version?) but compared to the Matrox Parhelia driver, cisco_ipsec isn't that big anymore :)

vi-edv003:~# lsmod
Module Size Used by
mtx 1406048 2
cisco_ipsec 595644 0
vi-edv003:~#
Guest on 2008-04-01 17:28:24 wrote:
hi...
where i can download vpnclient-linux-4.8.01.0640-k9.tar.gz from?
I can only find x86_64 version and I need 32bit version...

regards
kahuna
Alexander Griesser on 2008-04-02 08:38:49 wrote:
x86_64 is just fine. Since 4.8.01, Cisco only releases a so-called biarch installer that supports both architectures: x86_32 and x86_64, so downloading the x86_64 version is what you want.
Guest on 2008-04-14 23:13:38 wrote:
hi, my name is Abdul-Jabbar

Thanks a lot for your website. When I try to connect via vpnclient I get the followingresult:
---------------------------------------------------------------------------
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686
Config file directory: /etc/opt/cisco-vpnclient

Could not attach to driver. Is kernel module loaded?
The application was unable to communicate with the VPN sub-system.
-----------------------------------------------------------------------------

Do you have an idea how to fix that?
Guest on 2008-04-26 19:16:19 wrote:
thx a lot! works like a charm on ubuntu 8.04
Guest on 2008-05-18 22:40:23 wrote:
I'm having problems with this patch.
I have:
vpnclient-linux-4.8.00.0490-k9.tar.gz
and:
vpnclient-linux-2.6.24-final.diff
Running on Ubuntu 8.04 (Hardy), running kernel:
Linux mercury 2.6.24-16-generic #1 SMP Thu Apr 10 12:47:45 UTC 2008 x86_64 GNU/Linux

And when I do:
mjb@mercury:~/vpnclient$ patch < ../vpnclient-linux-2.6.24-final.diff

I get:
patching file GenDefs.h
patching file interceptor.c
Hunk #1 succeeded at 24 (offset -4 lines).
Hunk #2 succeeded at 48 (offset -4 lines).
Hunk #3 FAILED at 107.
Hunk #4 succeeded at 123 (offset -23 lines).
Hunk #5 FAILED at 350.
Hunk #6 succeeded at 849 (offset -86 lines).
Hunk #7 succeeded at 891 (offset -86 lines).
2 out of 7 hunks FAILED -- saving rejects to file interceptor.c.rej

Can you help?
Alexander Griesser on 2008-05-19 09:20:15 wrote:
This patch only applies to the latest available Cisco VPN client (4.8.01), so you have to get the updated software.

http://projects.tuxx-home.at/ciscovpn/clients/linux/

In the future please use the forum (http://forum.tuxx-home.at) to report problems.
Guest on 2008-08-21 16:18:56 wrote:
Thanks for all the work that you do. You keep me going.
Guest on 2009-04-14 22:03:11 wrote:
I get this error when starting the client:

sudo /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting '/lib/modules/2.6.27-11-server/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
Failed (insmod)

Does anyone knows wy?
Thanks a lot.
Guest on 2011-02-06 14:12:33 wrote:
Hello,

I have followed the instructions to the letter, but I'm getting the same errors as reported in an earlier post. The suggested solution was to install gcc but I have that installed on my system already (Ubuntu 10.04). Any other suggestions please ? Error messages copied below.

Michael

michael@michael-desktop:~/vpnclient$ sudo ./vpn_install

Cisco Systems VPN Client Version 4.8.02 (0030) Linux Installer

Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.



By installing this product you agree that you have read the

license.txt file (The VPN Client license) and will comply with

its terms.





Directory where binaries will be installed [/usr/local/bin]



Automatically start the VPN service at boot time [yes]



In order to build the VPN kernel module, you must have the

kernel headers for the version of the kernel you are running.





Directory containing linux kernel source code [/lib/modules/2.6.32-24-generic/build]



* Binaries will be installed in "/usr/local/bin".

* Modules will be installed in "/lib/modules/2.6.32-24-generic/CiscoVPN".

* The VPN service will be started AUTOMATICALLY at boot time.

* Kernel source from "/lib/modules/2.6.32-24-generic/build" will be used to build the module.



Is the above correct [y]



Making module

make -C /lib/modules/2.6.32-24-generic/build SUBDIRS=/home/michael/vpnclient modules

make[1]: Entering directory `/usr/src/linux-headers-2.6.32-24-generic'

CC [M] /home/michael/vpnclient/interceptor.o

/home/michael/vpnclient/interceptor.c: In function ‘add_netdev’:

/home/michael/vpnclient/interceptor.c:284: error: assignment of read-only location ‘*dev->netdev_ops’

/home/michael/vpnclient/interceptor.c: In function ‘remove_netdev’:

/home/michael/vpnclient/interceptor.c:311: error: assignment of read-only location ‘*dev->netdev_ops’

make[2]: *** [/home/michael/vpnclient/interceptor.o] Error 1

make[1]: *** [_module_/home/michael/vpnclient] Error 2

make[1]: Leaving directory `/usr/src/linux-headers-2.6.32-24-generic'

make: *** [default] Error 2

Failed to make module "cisco_ipsec.ko".

michael@michael-desktop:~/vpnclient$

Your comment (HTML tags will be stripped !!):

To verify You are not a bot, type down text from this image.

Your try: